01-28-2019 09:43 PM - edited 03-08-2019 07:12 PM
Hi all
I have a customer running ISE 2.2 and I am trying to set them up with email alerts for specific CRITICAL alarms only (e.g. disk threshold, certs expired, etc) but I don't have an ISE 2.2 system to test with. But I have an ISE 2.4 patch 5 lab and I thought that the email alerting should be similar (if not identical) ?
When I was testing I found that ISE would not send an email for the alarms I was testing because ISE had not yet generated the alarm itself, even though the actual event had really taken place!
e.g. I changed the config in ISE, but ISE would not create an Alarm for that - hence, no emails. And early on in my testing I enabled the feature to send alarms for ALL events and then by coincidence an Alarm was created and I received an email. This caused me to believe that I needed to enable this feature globally. But I think that was a red herring.
I need a reliable way to test this feature. I have chosen the NTP sync failure and Smart Licensing Registration, because these are things I can easily toggle to provoke events (e.g "Fewer VM Licenses installed" is a reliable alarm) .
Just beware that even though you create some fault/event in ISE, the Alarm event generation may be delayed by hours - and you won't receive any emails as a result. I don't know how the Alarming works in ISE. e.g. if I consistently break NTP, why don't I get emails about that?
I have been on a bit of a journey of discovery today, realising that ISE Alarms are generated at different intervals. e.g. ISE Inactivity is every 15 minutes. But NTP failures are only alarmed every 75 minutes. I have not seen this documented anywhere?
Does anyone have a reference of how often these various alarms are sent out? I am afraid of spamming my customer with ISE alarm emails.
01-30-2019 12:48 PM
The simplest alarm to test with is Configuration Changed alarm. So if you put your email on that alarm specifically you are saying you don't get an email every time you make a configuration change in ISE. If you look at the home screen in ISE it has the alarms. The alarms there should generate an email if you have it configured.
01-31-2019 01:58 AM
Hi @paul - you are right - that's what I thought too. Each and every configuration change (in the GUI ... not CLI ;-) should trigger an Alarm event in the Dashboard. But that wasn't the case in my lab. I will give it another go but I was making heaps of changes and it didn't appear in the Alarm summary - hence, no emails sent.
It also became clear that there is a fixed alarming schedule for most of these alarms - e.g. every 15min inactivity alarms are sent out if no radius requests come in. Or expired cert alarms happen every 24 hours at midnight (or as my customer called it "stupid o'clock" because I think it got him out of a nice sleep :-) - if only there was a handly table that told me WHEN, and HOW OFTEN each alarm is generated. That would be awesome ... really awesome :)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide